OT Ransomware Resilience – Are you Ready for an OT Impacting Ransomware Attack?

Traditional ransomware impacts data – data availability, data confidentiality, and even data integrity. The targets of traditional ransomware are often IT devices and the recovery method is typically a restore from backup (or rebuild). While annoying and inconvenient, it’s not usually an operations impacting event – Colonial Pipeline notwithstanding. However, as ransomware groups continue evolving their tradecraft and capabilities, anything is possible. In our modern critical infrastructure environments, with the mix and convergence of IoT, IT, and OT assets, the attack surface is broad and it’s only a matter of time before ransomware groups leverage the weaknesses of each platform to cause significant operational disruption. Is your utility prepared to recover?

To help prepare critical infrastructure entities for such scenarios, Forescout’s Vedere Labs developed a first of its kind report and playbook for organizations to use to protect themselves against what it dubbed, “Ransomware for IoT,” or R4IoT. The basis of the report focuses on how IoT devices can be exploited for initial access and lateral movement to IT and OT devices, with the objective of causing physical disruption of business operations. As highlighted by SecurityWeek, R4IoT is not a new development in malware. It uses exploits that already exist. Additionally, Forescout looks at how R4IoT could be used to internally attack PLCs, where the effects would likely be more dramatic, immediate, and difficult to mitigate. For more on R4IoT, visit Forescout.